WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [XSM] Can't Build Policies

from [Thomas DuBuisson] [Permanent Link][Original]
To: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [XSM] Can't Build Policies
From: Thomas DuBuisson <thomas.dubuisson@xxxxxxxxx>
Date: Thu, 9 Apr 2009 11:04:16 -0700
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Thu, 09 Apr 2009 11:04:48 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=LftBETeQvxQJSne40qk9fDF9JXbj+5qJk9fM/J0D1VI=; b=j+IdJyOp8WR6K09f8cL4BAV035Uu2EIPRTvQGqXqXK1vV0v4o8bK1Oa6Qw3i/oNH+0 G8FFOlnCOopBBc46vxziMG6jFiadTirDLEcddqKmQh4Lc/pp1Y/z3FgZMPp2noE6Sjci UI/Zg7MIHp8WbKTVlSTnc0jEnLl99x0aP2tlM=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=dyzOqgoMhKksK9Z3EVsRIlfbifzCz55choEanxC6SZyeCQIdMJjC3m3oXH9SIUTCKf EfegfP38xcXziZSpvTEJk0csTmbI3Yyyj402MS/CyD4oehx6v5jG3rGqsDeShyXGfLDr vOMPnLbnp/f6hLAkzLtULXN9p9T8dv3XaJEks=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <C6037474.2CD3F%gscoker@xxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <4c44d90b0904081455mf28efafx8f558c1aa0d7aae2@xxxxxxxxxxxxxx> <C6037474.2CD3F%gscoker@xxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
Oops, right you are on the colon, but it still doesn't work correctly
(even updated, cleaned, rebuilt) which I'm guessing is something to do
with a broken checkpolicy install if it works for you.  I'll explore
that.

--------------------
[tom@Mavlo policy]$ /usr/bin/checkpolicy -d -c 20 policy.conf -o policy.20
/usr/bin/checkpolicy:  loading policy configuration from policy.conf
tmp/only_te_rules.conf":55:ERROR 'syntax error' at token ':' on line 491:
################################################################################
allow dom0_t xen_t:xen {kexec readapic writeapic mtrr_read mtrr_add
mtrr_del scheduler physinfo heap quirk readconsole writeconsole
settime microcode};
checkpolicy:  error(s) encountered while parsing configuration
--------------------

Thomas

On Thu, Apr 9, 2009 at 6:46 AM, George S. Coker, II
<gscoker@xxxxxxxxxxxxxx> wrote:
>
>
>
> On 4/8/09 5:55 PM, "Thomas DuBuisson" <thomas.dubuisson@xxxxxxxxx> wrote:
>
>> Using the latest libsepol, libselinux, checkpolicy from [1] (also
>> tried [2]), I can't get xen-unstable.hg/tools/flask/policy to build:
>>
>> Using make:
>> ------------------------------
>> [tom@Mavlo policy]$ make policy
>> cat: /selinux/policyvers: No such file or directory
>> Creating xenrefpolicy policy.conf
>> m4 -D self_contained_policy  -s tmp/pre_te_files.conf
>> tmp/generated_definitions.conf tmp/all_interfaces.conf
>> tmp/all_attrs_types.conf policy/global_booleans policy/global_tunables
>> tmp/only_te_rules.conf tmp/all_post.conf > tmp/policy.conf.tmp
>> sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d <
>> tmp/policy.conf.tmp > policy.conf
>> Compiling xenrefpolicy policy.20
>> /usr/bin/checkpolicy -c 20 policy.conf -o policy.20
>> /usr/bin/checkpolicy:  loading policy configuration from policy.conf
>> tmp/only_te_rules.conf":55:ERROR 'syntax error' at token ':' on line 489:
>> ##############################################################################
>> ##
>> allow dom0_t xen_t:xen {kexec readapic writeapic mtrr_read mtrr_add mtrr_del
>> checkpolicy:  error(s) encountered while parsing configuration
>> make: *** [policy.20] Error 1
>> -----------------------------------
>>
>> Direct checkpolicy call (after fixing that newline on the 'allow') is the
>> same:
>> ------------------
>> [tom@Mavlo policy]$ /usr/bin/checkpolicy -d -c 20 policy.conf -o policy.20
>> /usr/bin/checkpolicy:  loading policy configuration from policy.conf
>> tmp/only_te_rules.conf":55:ERROR 'syntax error' at token 'xen' on line 489:
>> ##############################################################################
>> ##
>> allow dom0_t xen_t xen {kexec readapic writeapic mtrr_read mtrr_add
>> mtrr_del scheduler physinfo heap quirk readconsole writeconsole
>> settime microcode};
>> checkpolicy:  error(s) encountered while parsing configuration
>> -------------------
>
> I just checked, there doesn't seem to be anything broken in the tree (I can
> build and load the sample policy).
>
> It's hard to say what your problem is but I notice in your debug output that
> you are missing the colon separator between the types and the class, e.g.
>
>    allow dom0_t xen_t: xen {kexec ....}
>
> Please check your edits and try make clean, make policy.  You can call
> checkpolicy by hand as above but remember that policy.conf is created during
> the build process and any changes to the core policy files will not be
> reflected in policy.conf unless you rebuild it through the make file.
>
>
>>
>> I no longer remember anything about the syntax of this language -
>> could someone else give me a hand?
>>
>> Thomas
>>
>> [1] http://userspace.selinuxproject.org/releases/20090403/devel/
>> [2] http://userspace.selinuxproject.org/releases/20080909/stable/
>>
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@xxxxxxxxxxxxxxxxxxx
>> http://lists.xensource.com/xen-devel
>
> --
> George S. Coker, II <gscoker@xxxxxxxxxxxxxx>
>
>
>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Xen-devel] tools build error in xen-unstable tip (c/s 19515)?, Dan Magenheimer
Next by Date:  RE: [Xen-devel] 10 million cycles disappearing, Dan Magenheimer
Previous by Thread:  Re: [Xen-devel] [XSM] Can't Build Policies, George S. Coker, II
Next by Thread:  [Xen-devel] [PATCH] MCE: some fixes and a little cleanup for mce_intel.c, Frank van der Linden
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy